# TopFlow **Repository Path**: CPLiu/TopFlow ## Basic Information - **Project Name**: TopFlow - **Description**: TopFlow is a security-focused visual workflow builder for creating AI-powered applications. - **Primary Language**: Unknown - **License**: MIT - **Default Branch**: main - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 0 - **Forks**: 0 - **Created**: 2026-04-02 - **Last Updated**: 2026-04-06 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README # GitHub Security Scanner by Former CISO

[![Live Scanner](https://img.shields.io/badge/🚀_Try_Scanner-30_Seconds-brightgreen?style=for-the-badge)](https://topflow.dev/builder?template=github-security-scanner) [![Built by CISO](https://img.shields.io/badge/Built_by-Former_CISO-blue?style=for-the-badge)](https://topflow.dev/about) [![GitHub Stars](https://img.shields.io/github/stars/csupenn/topflow?style=for-the-badge&color=yellow)](https://github.com/csupenn/topflow/stargazers) [![License](https://img.shields.io/badge/License-MIT-blue?style=for-the-badge)](LICENSE) [![Security](https://img.shields.io/badge/Security-A+-green?style=for-the-badge)](https://topflow.dev/docs/security) GitHub Security Scanner Dashboard

**Analyze any GitHub repository's security posture in 30 seconds** Powered by [TopFlow](https://topflow.dev) - Secure AI Workflow Platform [🎯 Scan facebook/react](https://topflow.dev/builder?template=github-security-scanner&repo=facebook/react) • [📖 How It Works](https://topflow.dev/docs) • [⭐ Star on GitHub](https://github.com/csupenn/topflow)

--- ## 🔍 Live Example: facebook/react **Score**: 95/100 (Grade: **A+**) ⭐

**✅ Security Excellence** - Active security policy & code scanning - Dependabot monitoring enabled - Branch protection rules enforced - Secret scanning active **📊 Vulnerability Status** - 0 critical, 1 high, 3 medium, 7 low

**🎯 OWASP Compliance** - 8 of 10 controls passing - Code coverage: 87% - Documentation: 92% **🔐 Best Practices** - GPG commit signing recommended - SAST scanning suggested

**Try it yourself** → [Scan any repo in 30 seconds](https://topflow.dev/builder?template=github-security-scanner) **No signup. No API keys required (demo mode active).** --- ## 🚀 What You Get in 30 Seconds

### 📊 Comprehensive Security Analysis **Automated Checks**: - ✅ OWASP Top 10 compliance - ✅ Vulnerability detection (all severities) - ✅ Dependency audit & license risks - ✅ Security best practices scorecard - ✅ Code quality metrics - ✅ Branch protection analysis **AI-Powered Insights**: - Contextualized recommendations - Priority-ranked action items - Effort estimates for fixes - Impact analysis

### 🎯 Shareable Reports **Export Options**: - 📄 Markdown report - 📋 JSON data (CI/CD ready) - 🏆 Security badges - 🔗 Deep links (pre-filled scanner) **Social Sharing**: - 🐦 Twitter (pre-formatted) - 💼 LinkedIn (rich text) - 📎 One-click copy **Example Badge**: [![Security Score](https://img.shields.io/badge/Security-A+-green)](https://topflow.dev)

**👉 [Scan Your Repository Now](https://topflow.dev/builder?template=github-security-scanner)** --- ## 🔒 Built by Former CISO - Security You Can Trust This isn't just another GitHub scanner. It's built with **enterprise-grade security architecture** by someone who understands the stakes. **Why Trust This Scanner?**

✅ Privacy-First All analysis runs client-side (zero data sent to servers)	✅ BYOK Model Use your own API keys (or try demo mode)
✅ No Tracking Zero analytics, zero data collection	✅ Open Source Audit the code yourself on GitHub
✅ Production Code Export TypeScript for your own tools	✅ 5-Layer Security Defense-in-depth architecture

**Built by**: [Charlie Su](https://charliesu.com), Former CISO --- ## 💡 This is a TopFlow Template **GitHub Security Scanner is 1 of 8 pre-built security workflows** running on the TopFlow platform. ### Explore More Security Templates

🔍 GitHub Security Scanner _{Repository security analysis} _{✅ You just tried this!}	🛡️ GDPR Compliance _{Automate data access requests} _{Article 15 workflow}	🔐 PII Detection _{Scan for sensitive data} _{Privacy-preserving pipeline}
🚨 Incident Response _{SOC automation workflow} _{Threat analysis with AI}	📋 SOC 2 Evidence _{Compliance automation} _{Audit trail generation}	🐛 Security Templates _{+3 more workflows} _{View all in builder}

**All templates include**: - ✅ Instant demo mode (no API keys needed) - ✅ Export to production TypeScript - ✅ Visual workflow editor - ✅ Security-first architecture **Want to build your own?** → [Launch TopFlow Builder](https://topflow.dev/builder) --- ## ⚡ Why TopFlow is Different **The Problem:** Current AI workflow builders store your data, require subscriptions, and lock you into their platforms. **TopFlow's Solution:** Built by a former CISO with security as the #1 priority:

✅ Zero Data Storage Your workflows never touch our servers	✅ BYOK Model Use your own API keys
✅ Export to Code Generate production TypeScript	✅ Security First SSRF protection, sandboxing, rate limiting

### Who Uses TopFlow? - **🏢 Security Teams**: Automate compliance checks and incident response - **👨‍💻 Indie Hackers**: Add AI features without vendor lock-in - **🏭 Enterprises**: Build secure internal AI tools - **🎓 Educators**: Teach secure AI architecture patterns - **🔬 Researchers**: Experiment with AI workflows safely ## 🎨 Build Custom Security Workflows TopFlow is a **visual workflow platform** designed for security professionals. **What Makes TopFlow Different**:

### 🔒 Security-First Architecture **5-Layer Defense Model**: 1. **Client-Side**: XSS prevention, input sanitization 2. **Transport**: TLS 1.3, HSTS headers 3. **API Gateway**: Rate limiting, DDoS protection 4. **Execution**: SSRF prevention, sandboxed JS 5. **External APIs**: BYOK model, no shared secrets **Built by Former CISO**: - OWASP Top 10 coverage built-in - Threat modeling at design time - Defense-in-depth patterns - Compliance-conscious (GDPR, SOC 2, HIPAA)

### 🛡️ Privacy-Preserving Design **Zero Data Storage**: - All workflows stored in browser localStorage - No backend database - No server-side data processing - Zero data breach risk **BYOK Model**: - Use your own AI provider keys - Keys never sent to our servers - No ongoing API costs for platform **GDPR Compliant**: - Data sovereignty (you own 100%) - No tracking or analytics - Right to be forgotten (clear browser data)

--- ### How TopFlow Compares | Feature | TopFlow | Other Platforms | |---------|---------|-----------------| | **Data Storage** | 🟢 None (localStorage only) | 🔴 Cloud databases | | **Privacy** | 🟢 100% client-side | 🔴 Server-side processing | | **API Keys** | 🟢 Your own (BYOK) | 🔴 Platform-managed | | **Code Export** | 🟢 Production TypeScript | 🔴 JSON/Config only | | **Vendor Lock-in** | 🟢 None | 🔴 Proprietary formats | | **Cost** | 🟢 Free (MIT License) | 🔴 Monthly subscriptions | | **Security** | 🟢 5-layer defense | 🔴 Basic protection | | **Built By** | 🟢 Former CISO | 🔴 SaaS companies | --- ## 🎥 See It In Action

**Build → Validate → Execute → Export Code**

--- ## ✨ Features That Make Us Different ### 🔒 **Privacy-First Architecture** ```yaml Your Data: Stored in your browser (localStorage) Our Servers: Never see your data or API keys Result: Zero data breach risk ``` ### 🛡️ **5-Layer Security Model** Every request passes through comprehensive security controls: 1. **Client-Side**: Input sanitization, XSS prevention 2. **Transport**: TLS 1.3, HSTS headers 3. **API Gateway**: Rate limiting, DDoS protection 4. **Execution**: SSRF prevention, sandboxed JavaScript 5. **External APIs**: BYOK model, no shared secrets ### 🤖 **Production-Ready Code Export** ```typescript // Your workflow becomes real code: export async function runWorkflow(input: string) { const client = new OpenAI({ apiKey: process.env.OPENAI_API_KEY }) const prompt = `Analyze: ${input}` const result = await client.chat.completions.create({ model: "gpt-4-turbo", messages: [{ role: "user", content: prompt }] }) return result.choices[0].message.content } ``` --- ## 🏆 What's Included ### Pre-Built Security & Compliance Workflows

**📋 GDPR Compliance Suite** - ✅ Article 15: Data Access Requests - ✅ Article 17: Right to Erasure - ✅ Article 20: Data Portability - ✅ Article 33: Breach Notification - ✅ Article 35: Privacy Impact Assessment - ✅ Automated compliance reporting

**🚨 Security Automation** - ✅ Incident Response Workflows - ✅ Threat Intelligence Analysis - ✅ Security Log Analysis with AI - ✅ Vulnerability Assessment - ✅ SOC 2 Evidence Collection - ✅ PII Detection & Redaction

### Enterprise-Ready Features - **🔒 5-Layer Security Model**: Defense-in-depth architecture - **🛡️ SSRF Protection**: Comprehensive URL validation - **⚡ Rate Limiting**: 10 req/min protection - **🔐 Sandboxed Execution**: Safe JavaScript runtime - **📊 Audit Trails**: Complete execution logging - **🎯 OWASP Top 10**: Full coverage built-in --- ## 🚀 Quick Start ### Option 1: Try the GitHub Scanner (30 Seconds) ```bash # No installation needed - just click: https://topflow.dev/builder?template=github-security-scanner&repo=facebook/react # Or scan your own repo: https://topflow.dev/builder?template=github-security-scanner&repo=YOUR_USERNAME/YOUR_REPO ``` **Demo mode active** - No API keys required for initial testing. --- ### Option 2: Run TopFlow Locally (5 Minutes) ```bash # Clone and install git clone https://github.com/csupenn/topflow.git cd topflow pnpm install # Start development server pnpm dev # Open http://localhost:3000 ``` **What you get**: - ✅ Full workflow builder - ✅ All 8 security templates - ✅ Code export functionality - ✅ Local demo mode (no API keys needed) --- ### Option 3: Use in Your Projects (Advanced) ```bash # Install the workflow core package npm install @charliesu/workflow-core ``` ```typescript import { validateWorkflow, executeWorkflow } from '@charliesu/workflow-core' // Use TopFlow's validation and execution engine // in your own applications ``` **Use cases**: - CI/CD security scanning - Automated compliance checks - Custom security tooling - Internal workflow automation --- ## 🛠️ Technology Stack

### Supported AI Providers

OpenAI
GPT-4, GPT-3.5

Anthropic
Claude 3

Google
Gemini Pro

Groq
Fast Inference

--- ## 📊 Why Developers Love TopFlow

⚡

30 Seconds
_{From idea to working workflow}

🎯

Zero Setup
_{Demo mode works instantly}

🔐

100% Private
_{Your data never leaves browser}

💻

Export Code
_{Production TypeScript, not JSON}

--- ## 📖 Documentation - 📚 **[Architecture Overview](docs/architecture/architecture-overview.md)** - System design & security model - 🎓 **[Quick Start Guide](https://topflow.dev/docs/learn/quick-start)** - Get running in 5 minutes - 🔧 **[Node Reference](https://topflow.dev/docs/build/nodes)** - All 12 node types explained - 🛡️ **[Security Documentation](https://topflow.dev/docs/security)** - Threat model & controls - 🧪 **[Testing Guide](TESTING.md)** - 437 tests, 95% coverage --- ## 🌟 Community & Support

### 🆕 Recent Updates & Milestones - 🔍 **v1.4.0** (Jan 2026) - GitHub Security Scanner with instant demo mode - 🎉 **v1.3.0** (Jan 2026) - Published @charliesu/workflow-core npm package - 📝 **v1.2.0** (Jan 2025) - Added GDPR Article 15-35 workflows - 🚀 **v1.1.0** (Jan 2025) - WebP optimization (97.7% size reduction) - 🛡️ **v1.0.0** (Dec 2024) - Initial release with 12 node types - 📊 **8 security templates** - Enterprise-ready workflows - ⭐ **Growing fast** - Join 1,000+ security-conscious developers --- ## 🤝 Contributing We welcome contributions! Especially: - 🛡️ Security improvements - 📋 Compliance workflows - 🔧 New node types - 📚 Documentation - 🧪 Test coverage See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines. --- ## 📈 Project Stats

8
_{Security Templates}

12
_{Node Types}

5
_{Security Layers}

1
_{Former CISO}

100%
_{Privacy-First}

--- ## 📄 License **MIT License with Commons Clause** - see the [LICENSE](LICENSE) file for details. **✅ You CAN:** - Use for any purpose (commercial or personal) - Modify and customize - Export and own generated code - Fork and distribute --- ## 🎯 Start with the Scanner, Explore the Platform

### GitHub Security Scanner is your gateway to secure AI workflows

### ⭐ **Love the scanner? Star us on GitHub!** Your star helps other security teams discover these tools.

[![Star History Chart](https://api.star-history.com/svg?repos=csupenn/topflow&type=Date)](https://star-history.com/#csupenn/topflow&Date)

---

_{Built with ❤️ by Charlie Su • Former CISO • AI Security Advocate}
_{🔒 Security-first architecture • 🎯 Privacy by design • 🚀 No vendor lock-in}
_{📧 Contact: charlie@topflow.dev • 💼 LinkedIn}

✅ Privacy-First All analysis runs client-side (zero data sent to servers)	✅ BYOK Model Use your own API keys (or try demo mode)
✅ No Tracking Zero analytics, zero data collection	✅ Open Source Audit the code yourself on GitHub
✅ Production Code Export TypeScript for your own tools	✅ 5-Layer Security Defense-in-depth architecture